Debian Privoxy vulnerabilities

CVE-2021-20213 [HIGH] CVE-2021-20213: privoxy - A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-poi... A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. Scope: local bookworm: resolved (fixed in 3.0.29-1) bullseye: resolved (fixed in 3.0.29-1) forky: resolved (fix

CVE-2021-20215 [HIGH] CVE-2021-20215: privoxy - A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-... A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. Scope: local bookworm: resolved (fixed in 3.0.29-1) bullseye: resolved (fixed in 3.0.29-1) forky: resolved (fixed in 3.0.29-1) sid: resolved (fixed in 3.0.29-1) trixie: resolved (fixed in 3.0.29-1)

CVE-2021-20275 [HIGH] CVE-2021-20275: privoxy - A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur ... A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. Scope: local bookworm: resolved (fixed in 3.0.32-1) bullseye: resolved (fixed in 3.0.32-1) forky: resolved (fixed in 3.0.32-1) sid: resolved (fixed in 3.0.32-1) trixie: resolved (fixed in 3.0.32-1)

CVE-2021-20212 [HIGH] CVE-2021-20212: privoxy - A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple f... A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash. Scope: local bookworm: resolved (fixed in 3.0.29-1) bullseye: resolved (fixed in 3.0.29-1) forky: resolved (fixed in 3.0.29-1) sid: resolved (fixed in 3.0.29-1) trixie: resolved (fixed in 3.0.2

CVE-2021-20209 [HIGH] CVE-2021-20209: privoxy - A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-statu... A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. Scope: local bookworm: resolved (fixed in 3.0.29-1) bullseye: resolved (fixed in 3.0.29-1) forky: resolved (fixed in 3.0.29-1) sid: resolved (fixed in 3.0.29-1) trixie: resolved (fixed in 3.0.29-1)

CVE-2021-20211 [HIGH] CVE-2021-20211: privoxy - A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client t... A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash. Scope: local bookworm: resolved (fixed in 3.0.29-1) bullseye: resolved (fixed in 3.0.29-1) forky: resolved (fixed in 3.0.29-1) sid: resolved (fixed in 3.0.29-1) trixie: resolved (fixed in 3.0.29-1)

CVE-2021-20273 [HIGH] CVE-2021-20273: privoxy - A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI r... A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. Scope: local bookworm: resolved (fixed in 3.0.32-1) bullseye: resolved (fixed in 3.0.32-1) forky: resolved (fixed in 3.0.32-1) sid: resolved (fixed in 3.0.32-1) trixie: resolved (fixed in 3.0.32-1)

CVE-2021-44540 [HIGH] CVE-2021-44540: privoxy - A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by ... A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. Scope: local bookworm: resolved (fixed in 3.0.33-1) bullseye: resolved (fixed in 3.0.32-2+deb11u1) forky: resolved (fixed in 3.0.33-1) sid: resolved (fixed in 3.0.33-1) trixie: resolved (fixed in 3.0.33-1)

CVE-2021-20214 [HIGH] CVE-2021-20214: privoxy - A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the clien... A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. Scope: local bookworm: resolved (fixed in 3.0.29-1) bullseye: resolved (fixed in 3.0.29-1) forky: resolved (fixed in 3.0.29-1) sid: resolved (fixed in 3.0.29-1) trixie: resolved (fi

CVE-2021-20272 [HIGH] CVE-2021-20272: privoxy - A flaw was found in privoxy before 3.0.32. An assertion failure could be trigger... A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. Scope: local bookworm: resolved (fixed in 3.0.32-1) bullseye: resolved (fixed in 3.0.32-1) forky: resolved (fixed in 3.0.32-1) sid: resolved (fixed in 3.0.32-1) trixie: resolved (fixed in 3.0.32-1)

CVE-2021-44542 [HIGH] CVE-2021-44542: privoxy - A memory leak vulnerability was found in Privoxy when handling errors. A memory leak vulnerability was found in Privoxy when handling errors. Scope: local bookworm: resolved (fixed in 3.0.33-1) bullseye: resolved (fixed in 3.0.32-2+deb11u1) forky: resolved (fixed in 3.0.33-1) sid: resolved (fixed in 3.0.33-1) trixie: resolved (fixed in 3.0.33-1)

CVE-2021-20276 [HIGH] CVE-2021-20276: privoxy - A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid... A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to pcre_compile() may lead to denial of service. Scope: local bookworm: resolved (fixed in 3.0.32-1) bullseye: resolved (fixed in 3.0.32-1) forky: resolved (fixed in 3.0.32-1) sid: resolved (fixed in 3.0.32-1) trixie: resolved (fixed in 3.0.32-1)

CVE-2021-20274 [HIGH] CVE-2021-20274: privoxy - A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer ... A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves. Scope: local bookworm: resolved (fixed in 3.0.32-1) bullseye: resolved (fixed in 3.0.32-1) forky: resolved (fixed in 3.0.32-1) sid: resolved (fixed in 3.0.32-1) trixie: resolved (fixed in 3.0.32-1)

CVE-2021-20216 [HIGH] CVE-2021-20216: privoxy - A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs... A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 3.0.31-1) bullseye: resolved (fixed in 3.0.31-1) forky: resolved (fixed in 3.0.31-1) sid: resolved (fixe

CVE-2021-20210 [HIGH] CVE-2021-20210: privoxy - A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-s... A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash. Scope: local bookworm: resolved (fixed in 3.0.29-1) bullseye: resolved (fixed in 3.0.29-1) forky: resolved (fixed in 3.0.29-1) sid: resolved (fixed in 3.0.29-1) trixie: resolved (fixed in 3.0.29-1)

CVE-2021-20217 [HIGH] CVE-2021-20217: privoxy - A flaw was found in Privoxy in versions before 3.0.31. An assertion failure trig... A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. Scope: local bookworm: resolved (fixed in 3.0.31-1) bullseye: resolved (fixed in 3.0.31-1) forky: resolved (fixed in 3.0.31-1) sid: resolved (fixed in 3.0.3

CVE-2021-44541 [HIGH] CVE-2021-44541: privoxy - A vulnerability was found in Privoxy which was fixed in process_encrypted_reques... A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. Scope: local bookworm: resolved (fixed in 3.0.33-1) bullseye: resolved (fixed in 3.0.32-2+deb11u1) forky: resolved (fixed in 3.0.33-1) sid: resolved (fixed in 3.0.33-1) trixie: resolved (fixed in 3.0.33-1)

CVE-2021-44543 [MEDIUM] CVE-2021-44543: privoxy - An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_templa... An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself. Scope: local bookworm: resolved (fixed in 3.0.33-1) bullseye: resolved (fixed in 3.0.32-2+deb11u1) forky: resolved (fixed in 3.0.33-1) sid: resolved (fixed in 3.0.33-1) trixie: resolved (fixed

CVE-2020-35502 [HIGH] CVE-2020-35502: privoxy - A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a respo... A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash. Scope: local bookworm: resolved (fixed in 3.0.29-1) bullseye: resolved (fixed in 3.0.29-1) forky: resolved (fixed in 3.0.29-1) sid: resolved (fixed in 3.0.29-1) trixie: resolve

CVE-2016-1982 [HIGH] CVE-2016-1982: privoxy - The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.2... The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. Scope: local bookworm: resolved (fixed in 3.0.24-1) bullseye: resolved (fixed in 3.0.24-1) forky: resolved (fixed in 3.0.24-1) sid: resolved (fixed in 3.0.24-1) trixie: resolv